On 2014-03-11 13:23, Alex Rousskov wrote:
> On 03/10/2014 03:50 PM, Amos Jeffries wrote:
>> I've been searching for some time for a crypto library that provides
>> algorithms like base64, MD4, MD5, SHA*, etc. that are used by Squid. So we
>> can remove the bundled re-implementations and avoid some big issues like
>> FIPS compliance of Squid.
>>
>> Nettle appears to have become widely available in the last year or so
>> due to its use in GnuTLS and various DNSSEC tools. It is a freely
>> available GPLv3 library from the GNU project, easily available for download
>> for anyone who does not have it yet.
>> http://www.linuxfromscratch.org/blfs/view/svn/postlfs/nettle.html
>
> You said "GPLv3" but the following page claims that Nettle is
> distributed under LGPL. What does the source code say?
> http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright

Sorry. Yes, the code says LGPL 2.1+.

>> Nettle does all the existing Squid algorithms and many of the newer
>> SHA-512+, HMAC and AES algorithms as well. It provides a (relatively)
>> clean API of direct function calls to run each algorithm on a provided
>> buffer without any encumbered TLS/SSL layer or formatting requirements
>> which many of the SSL-based crypto libraries pull in.
>>
>> Before I forge on ahead, does anyone have objections to adding it as a
>> build dependency of squid-3.5 and dropping our locally bundled crypto
>> code which overlaps?
>
> Would it be prudent to ask on squid-users whether everybody has access
> to libnettle on their platforms?
>
> I do not know much about that library but have no objections if you like
> it, folks can install it on their platforms, and its license is LGPL.

Amos